Corporate Compliance and Business Conduct Program2018 Annual Report

Monitoring and Auditing Confidential Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8Anti-Retaliation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Allegations of Wrongdoing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Significant Allegation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Audit Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Investigation Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Incentives and DisciplineIncentives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11Positive Discipline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11Violating the Code of Conduct . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Due DiligenceConflict of Interest Disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13Security Screening Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13Post-Hire Background Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13Security Vendor Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . . .13Foreign Corrupt Practices Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Risk AssessmentEnterprise Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14Compliance Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

ContentsIntroductionWelcome from the CECO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Xcel Energy’s Vision, Mission and Values . . . . . . . . . . . . . . . . . . . .1Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

OversightTone at the Top . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3Functional Organization Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3Investigations Governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4Board of Directors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5Audit Committee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5Governance, Compensation and Nominating Committee (GCN) . . .5Chief Ethics and Compliance Officer . . . . . . . . . . . . . . . . . . . . . . . . .5Director of Corporate Compliance . . . . . . . . . . . . . . . . . . . . . . . . . .5CCBC Council . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5Investigations Governance Committee . . . . . . . . . . . . . . . . . . . . . . .6VP Oversight Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Compliance Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Code of Conduct and Policies Code of Conduct . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Corporate Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Communications and TrainingCommunication Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7Multi-Year Training Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Annual Training Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

IntroductionWelcome from the Chief Compliance and Ethics Officer2018 was an all-around strong year for Xcel Energy, thanks to dedicated employees delivering on our vision and mission . I am proud that we came together as one team to refresh our corporate values so that they readily guide the work we do . These values — Connected, Committed, Safe, and Trustworthy — are words that resonate, are easy to remember, and clearly state who we are .

The Corporate Compliance and Business Conduct program likewise had a strong year and is working in alignment with the Company’s drive to ensure a strong corporate culture . Living our values creates that strong culture – which includes a culture committed to compliance and ethical conduct . If something seems wrong, we want everyone at Xcel Energy to be comfortable reporting it, know the Company takes such concerns seriously, and understand that we will promptly investigate and take any appropriate action .

To that end, in 2018 we streamlined and enhanced the process for reporting concerns, making it easier to let us know of anything that seems wrong . We also focused on helping leaders know how to handle difficult situations, respond effectively to employee concerns, and use best practices for recognizing and preventing retaliation . To reinforce our commitment to a workforce free of retaliation, we adopted a brand new anti-retaliation policy that makes expectations clear . And we have made progress in making our policies clearer and our training more engaging so that expectations are understood and employees are committed to meeting them .

Our commitment to you is that we won’t lose any steam in the year ahead . In 2019, I’m excited to say that we’ll continue improving our connection with you to drive even higher levels of engagement and enthusiasm about our commitment to compliance and your role in supporting it . Like other parts of the company, we plan to continue doing what is going well, and to find ways to do things even better going forward . Our strong foundation gives us something to be proud of — and something on which to build an even better future .

OXcel Energy’s Vision, Mission and ValuesWe recognize that our mission, vision and values are the foundation of everything we do — from how we partner and work with each other to how we approach our relationships with our customers and communities . They guide our actions, our behaviors and our decisions . That’s why, in 2018, we took a closer look at our values and put new focus on who we are as a company today and who we want to be in the future . Through conversations across the organization, we asked ourselves what values will guide us for the years to come as we continue to evolve . We are excited for our renewed values of Connected, Committed, Safe and Trustworthy .

VisionWe will be the preferred and trusted provider of the energy our customers need .

MissionWe provide our customers the safe, clean, reliable energy services they want and value at a competitive price .

Values Our values reflect our core beliefs — who we are, how we conduct our business and the importance of our customers . They guide us in our work and in our interactions with each other .

1

LEAD THE CLEAN ENERGY TRANSITION

ENHANCE THE CUSTOMER EXPERIENCE

KEEP BILLS LOW

TRUSTWORTHY CONNECTED COMMITTED SAFE

Judy Poferl Senior vice president, Corporate Secretary and Executive Services

2

PurposeXcel Energy’s Corporate Compliance and Business Conduct (CCBC) program is a cornerstone of how we do business . At Xcel Energy, we are committed to conducting business in accordance with applicable laws, regulations, company policies and our shared values .

Our program follows the elements of an effective compliance program as outlined by the Federal Sentencing Guidelines and our strong culture of integrity and compliance is the framework . The focus of our program is to “Do What’s Right: Report What Seems Wrong .”

This Annual Report is an overview of work done to help us effectively meet each of these elements and highlights key actions and additions to the program in 2018 . All of the programs and activities outlined in this document help ensure we are a company our employees are proud to work for and our customers trust doing business with us .

Ove

rsig

ht

Polic

ies

Co

mm

un

icat

ion

s &

Tra

inin

g

Mo

nit

ori

ng

& A

ud

itin

g

Dis

cip

line

& In

cen

tive

s

Du

e D

ilig

ence

Ap

pro

pri

ate

Res

po

nse

Ris

k A

sses

smen

t

Culture

3

OversightTone at the TopStrong tone at the top is a critical component of any effective program . Xcel Energy’s chairman, president and chief executive officer (CEO) supports that tone in several ways, beginning by championing the work to refresh our corporate values so that they can play a more visible role in guiding our work . The refreshed values were introduced in mid-2018, and were adopted by the Xcel Energy Board of Directors in August .

The CEO has used the platform of the refreshed values for engaging with employees, be it through support of the team’s effort to develop them, to a webcast with leaders to gain understanding and commitment in advance of the Company-wide introduction, to championing them through quarterly webcasts where he discussed, among other things, the importance of a culture of compliance .

In addition, the CEO spoke to all employees about commitment and expectations through a recorded message at the beginning of the annual Code of Conduct training . He met with the CCBC Council to discuss lessons learned from external events and shared his message that compliance and ethical conduct must never be compromised and stressed the importance of the Council’s work . The CEO also receives regular updates from the chief ethics and compliance officer and general counsel on compliance matters throughout the year . Lastly, regular messaging throughout the year from the CEO to his executive team conveyed the importance of modeling ethical behavior always .

OFunctional Organization ChartThe Functional Organization Chart below depicts governance for Xcel Energy’s CCBC Program .

Corporate Compliance and

Business Conduct Of�ce

Audit Committee

Chief Ethics and Compliance

Of�cer

CEO

Board of Directors

4

Investigations Governance The pyramid below depicts governance for Xcel Energy’s investigations process .

Case investigations and�ndings reports

Identi�es trends and ensures process integrity

Ensures investigationconsistency and completeness

Oversees investigationsapproach and discipline

Governing authority and oversight

Board/Audit

Committee

InvestigationsGovernance Committee

VP Oversight Team

CCBC Of�ce

Investigators

5

Board of DirectorsXcel Energy’s board of directors has overall authority for the CCBC Program, including approval of the company’s Code of Conduct . The board is expected to comply with the Code of Conduct, as are all employees and contract workers .

The board delegates key elements of oversight to the Audit Committee and Governance, Compensation and Nominating Committee . Such responsibilities are outlined in committee charters .

Audit CommitteeThe Audit Committee is the governing authority for the CCBC Program . As such, it is knowledgeable about the program and exercises reasonable oversight with respect to implementation and effectiveness .

The Audit Committee received updates on a quarterly basis in 2018 through the CCBC Program Quarterly Report . The reports contained information on key initiatives to enhance the program and organizational culture, actions related to compliance risks and data analytics and benchmarking information .

The Audit Committee also received updates through the CCBC Program Annual Report and presentation .

Governance, Compensation and Nominating Committee (GCN)While the Audit Committee is responsible for the overall CCBC Program, the Governance, Compensation and Nominating Committee (GCN) is responsible for overseeing corporate policies such as the Code of Conduct . The GCN Committee reviews proposed policy content changes and recommends board approval as appropriate .

Chief Ethics and Compliance Officer (CECO)The senior vice president, Corporate Secretary and Executive Services is the company’s CECO, with overall responsibility for all compliance and business conduct matters . The CECO reports directly to the CEO and has direct access to the board of directors as needed .

Director of Corporate ComplianceThe director of Corporate Compliance has day-to-day operational responsibilities for the CCBC Office (four employees) and CCBC Program . The director reports to the CECO and has direct access to the CEO and Audit Committee as needed .

CCBC CouncilThe CCBC Council ensures a strong culture of compliance and ethics by assisting the CECO and the Audit Committee in overseeing the CCBC Program . The CCBC Council comprises leaders from a broad cross section of functional areas including Audit, Business Systems, Communications, Operations, Transmissions, Nuclear, etc . This is an important vehicle for good execution of the decentralized implementation of the overall program . The Council met quarterly in 2018 and leaders facilitated business area discussions with employees between meetings to ensure information and best practices flow well across the company .

The functional areas represented at the CCBC Council include:

Audit Business Systems CCBCCommercial Operations

Communications Customer Care Distribution Energy Supply

Enterprise Security Services

Environmental Services

Financial Operations Gas

General Counsel Human Resources NERC/FERC Nuclear

Risk Management Safety Supply Chain Transmission

6

Investigations Governance CommitteeXcel Energy’s Investigations Governance Committee oversees the company’s investigations process for allegations of wrongdoing .

The committee comprises the chief ethics and compliance officer, general counsel, chief financial officer and chief human resources officer . The committee meets quarterly and reviews investigations and results, discusses impact and learnings from external events and makes recommendations to enhance the investigations process .

VP Oversight TeamThe VP Oversight Team comprises the director of corporate compliance, deputy general counsel, chief risk and audit officer, vice president of workforce relations and safety and the director of security . During monthly meetings, the team reviewed allegations and worked collaboratively to implement improvements to the enterprise investigations process .

Compliance ToolsCompliance groups across the company are committed to using technology to track compliance requirements and findings . Xcel Energy is working on fully deploying RSA Archer as an eGRC platform as it has capabilities to improve tracking, monitoring and reporting associated with compliance requirements and findings and it enhances visibility to key risk areas and findings across the company .

Key ActionsIn 2018, the CCBC office added a governance step of escalating all claims of discrimination, harassment, including sexual harassment, and retaliation to the VP Oversight Team for review prior to any action being taken so that we can ensure consistent and appropriate treatment . In addition to these claims, the VP Oversight Team reviews other higher risk allegations such as workplace violence and any identified subject or location patterns .

Code of Conduct and PoliciesCorporate policies outline employee expectations and provide the tools to help employees do the right thing .

Code of ConductXcel Energy’s business and management practices are built on a strong, ethical foundation: the Code of Conduct . Employees and their principled actions are at the heart of Xcel Energy . Employees at all levels, members of the board of directors and contract workers are expected to apply the Code of Conduct to their work . The Code of Conduct alerts employees of their ethical responsibilities and holds them responsible for their actions . The board of directors reviews and approves any changes to our Code of Conduct .

Corporate PoliciesEmployees are responsible for knowing and following not only the Code of Conduct but other corporate policies in categories such as Legal and Regulatory, Human Resources, Sourcing and Information Technology .

All corporate policies are available on XpressNET, the company’s intranet . Certain policies are available externally, on xcelenergy .com .

Key ActionsIn 2018, we updated policy content in response to new or changing regulations and business practices . One new and noteworthy policy is the Anti-Retaliation policy . While our Code of Conduct has always prohibited retaliation and protected our employees who report concerns, we created a dedicated anti-retaliation policy to increase visibility of the company’s expectations . The policy describes how we keep employees safe and lays out special requirements for leaders regarding anti-retaliation . We also updated an existing policy that protects employees from discrimination, harassment and other unacceptable behaviors . The revised policy better explains employee conduct expectations and the steps that will be taken to ensure our workplace is free of unacceptable behavior .

We also began work to implement a better framework for establishing and governing policies, such as a policy review committee, and developed common components for writing policies to ensure consistency and clear understanding by employees . New and updated policies in 2019 will reflect these efforts .

7

Communications and TrainingContent from corporate policies is embedded in communications and training courses to help employees understand expectations and to communicate Xcel Energy’s commitment to ethical business behavior .

Communications ChannelsRegular, consistent communication to employees about company values, the Code of Conduct, other policies and training requirements are designed to help employees Do What’s Right . We used a variety of channels in 2018 to reach employees across teams:

• Various CEO platforms, including leadership meetings, webcasts, and blogs .

• All Managers’ Emails, distributed to inform leaders of policy-related news they should share with their employees .

• Policy news stories, focusing on the details of different policies by using real world examples so that it is meaningful for all employees .

• Compliance Matters, a publication that provides high-level summaries of real investigations and their results to employees . The examples showcase both positive and negative employee actions and demonstrate that when there is confirmed wrongdoing, the Company takes appropriate action (including termination) . The intent is to demonstrate to employees that when they report an issue (whether observed or directly experienced), it will be properly addressed .

• Conversations and other discussion between members of the CCBC Council and employees in their business area .

In 2018, we published a video on XpressNET highlighting the refreshed version of the Compliance Hotline . Key points include accessing the hotline from any device, electing to remain anonymous, following up on a report, and understanding that retaliation is strictly prohibited at Xcel Energy .

Multi-year Training PlanXcel Energy’s multi-year Corporate Compliance Training Plan outlines required training for employees, contract workers and members of the board of directors . Key drivers for required training include regulatory requirements and sound business practices .

Some training courses, like the Code of Conduct course, are required annually . Employees and directors are required to complete Code of Conduct training, and other required courses, within 30 days of being hired and annually thereafter . Included in the Code of Conduct training course is a statement of commitment .

Other training courses are required at least every three years as specified by corporate policies, laws, regulations and/or business practices . Courses are assigned as applicable to individual learning plans in the Xcel Energy Learning Management System .

Additional courses that are required based on job function or business area are communicated separately .

Annual Training PlanTraining courses in 2018 were designed to help employees understand expectations and make good decisions every day . Training courses were packed with information that was presented in an engaging manner . Our employees used information from training courses to work in ways that protected the company’s brand and reputation by working safely, effectively and complying with the many policies, laws, regulations and expectations governing our work .

In 2018, the Corporate Compliance curriculum included 10 courses:• Code of Conduct• Company Vehicle Assignment and Use• Critical Infrastructure Protection• Data Privacy & Security for CRS/AFS• Discrimination, Harassment and Other Unacceptable Behaviors • Enterprise Security Awareness• FERC Standards of Conduct • Securities Trading Pre-Clearance• Securities Trading Overall• Travel and Employee Expense Reimbursement

8

The goal for required training is 100-percent completion by the due date . Training completion percentages are monitored weekly . Leaders are responsible for making sure employees complete required training on time .

In 2018, all but a handful of employees achieved 100-percent on-time completion for the 10 Corporate Compliance courses, and by year end, all employees completed the required Corporate Compliance curriculum .

Key ActionsIn 2018, we focused on providing better tools and in-person training on what is expected of leaders at Xcel Energy . To that end, we held in-person compliance and ethics training for leaders, included a microlearning module in the HR resource Leadership Essentials, which focuses on what leaders need to know when an employee comes to them with a concern and best practices on how to prevent retaliation . In addition to the reading materials, we created a short “Can you handle it?” quiz and two engaging videos demonstrating an employee speaking to a leader . We also created an e-learning course titled Compliance for Leaders that launched January 2019 . The course is designed to equip newly hired or promoted leaders with the tools and resources they need to comply with company policies, laws and regulations . Content includes handling employee concerns, managing personnel action forms and accurately reporting accruals and employee time .

Another important focus was on the 2019 Corporate Compliance training plan . To improve training effectiveness we added more rigor and oversight to what topics would be assigned and increased subject matter expert involvement in the process . By working with the subject matter experts, learnings were not lost but will now be delivered more concisely . This change will help support better learner retention, minimize course fatigue and return productive work time back to employees .

Monitoring & AuditingConfidential ReportingEmployees have a responsibility to “Report What Seems Wrong,” as outlined in the Code of Conduct . While reporting takes time and effort, it gives the company a chance to investigate issues that otherwise may not be known and take action as needed . Xcel Energy commits to provide employees with numerous reporting options, effective and efficient investigations, appropriate response and protection from retaliation . These commitments are in place to support the continuance of a culture of compliance and sustain Xcel Energy’s brand and reputation .

Employees may:• Contact EEO/Employee Relations or Workforce Relations

• Speak with a leader or another member of management

• Contact Legal Services

• Visit http://www .XcelEnergyComplianceHotline .com or call the Compliance Hotline at 800 .555 .8516

• Contact Xcel Energy’s Compliance and Business Conduct Office at 612 .215 .5354

• Report concerns to any Xcel Energy board member

Additional reporting options for nuclear:

• Complete a Nuclear Corrective Action Request form

• Report nuclear safety issues to the Employee Concerns Program at 866 .327 .4662

• Contact the Nuclear Regulatory Commission at 800 .695 .7403

9

Anti-RetaliationAs part of our commitment to living our corporate values, Xcel Energy empowers employees to speak up without fear of retaliation when they see or suspect misconduct and to feel secure when cooperating with internal investigations of any matter while providing honest, truthful and complete information . Xcel Energy is also committed to ensuring that our employees are free to exercise their lawful rights without fear of retaliation . Our Anti-Retaliation policy indicates that all forms of retaliation are prohibited and will not be tolerated .

Allegations of Wrongdoing Xcel Energy takes seriously all allegations of wrongdoing . All concerns are entered into a case management system, allowing for a complete view of all the allegations of wrongdoing throughout the company . Once entered, the CCBC office assigns the investigation to the appropriate business function based on allegation type . Investigations are assigned to functions such as EEO/Employee Relations, Workforce Relations, Legal, Audit or Security .

Audit Committee Review Process At Xcel Energy, any allegation which could potentially have a material impact on the company’s financial statements gets immediately elevated to the Chair of the Audit Committee . The Audit Committee also receives quarterly reports that include information on all case activity, including any significant trends, findings or observations .

Audit ServicesXcel Energy’s Audit Services department conducts periodic audits to confirm compliance with applicable laws and regulations, corporate policies and compliance and business conduct best practices . In 2018, 46 audit engagements were completed and 16 confidential investigations .

Key ActionsIn 2018, we completed a system refresh of Xcel Energy’s allegation of wrongdoing case management system . This initiative included streamlining the hotline phone and web report intake form, making it easier for employees to report concerns, as well as simplifying the process of recording and monitoring progress on the investigations . Simultaneously, new internal processes were implemented, including a CCBC office review upon case intake and case closure . Investigative groups were trained on the new system and processes and were issued a user guide that includes step-by step instructions for intake and closure of concerns . Lastly, we created a SharePoint resource site, allowing for investigators to have easy access to manuals, reference materials and process maps .

These improvements will drive consistency in reporting, enhance the employee experience and strengthen comprehension of policies and expectations . From this platform we plan to build greater capabilities to identify trends or areas of concern so that we can take prompt action if need be .

10

Reporting ProcessThis graphic illustrates the reporting process . All concerns, whether they are made through the Compliance Hotline or through any other available reporting options, are entered into the case management system and reviewed by the CCBC office . The CCBC office then assigns the investigation to the appropriate business function, such as EEO/Employee Relations, Workforce Relations, Legal, Audit or Security .

Leader

WorkforceRelations

Legal

Board ofDirectors/CEO

EEO/Employee Relations

ComplianceHotline

Legal Case Closeout

Audit

Security

WorkforceRelations

EEO/Employee Relations

Corrective Action Taken (if needed)

Discipline is recommended byEEO/Employee Relations and

executed by the manager

CorporateCompliance Office

CorporateCompliance

Office

InvestigationsPartners

ReportFiled

11

Investigation DataIn 2018, the number of concerns reported and investigated was consistent with the prior year . Employees used all reporting options with 40 percent of concerns reported to leadership/HR, 31 percent reported to the hotline phone and 29 percent reported using the hotline website . We are glad to have anonymous reporting options available to employees, and to see employees using whatever option they are most comfortable to report concerns . It should be noted, however, that it remains important for employees to use the anonymous follow up features that the hotline and website provide to communicate with investigators (while still remaining anonymous) . Anonymous concerns with no follow up by the reporter can be much more difficult to investigate due to the lack of information provided and are therefore substantiated at a lower rate .

The area where we received the most reports was in workplace conduct . This includes harassment, discrimination, and other unacceptable behaviors (such as bullying, hazing and horseplay) as well as unprofessional conduct and unfair treatment . Through our work on the values, the policy enhancements in the area of discrimination, harassment and other unacceptable behaviors and the Compliance Matters articles with actual case examples, we are continually committed to providing clear expectations of what we require from our employees and what behaviors are simply not tolerated .

Overall, corrective action (ranging from counseling through termination) resulted in just over a third of all investigations .

Incentives and DisciplineIncentivesRecognizing and rewarding great work is key to our success .

Employee recognition is powerful . It reinforces what’s important, builds trust, engages employees, and improves productivity — all contributing to improved bottom-line results . Our recognition programs are geared toward employees and teams who go above and beyond to serve customers and surpass expectations . Such programs range from no-cost ways to thank employees to awarding points that can be redeemed for merchandise that is selected by the employee .

At the heart of our pay for performance process is differentiating investments to ensure top performers receive the highest rewards based on company and individual performance . Leaders make incentive pay and base pay decisions for individual performance based on contributions and impact . These decisions include considering whether employees conducted themselves in a manner consistent with our values, including honest and ethical behavior .

Positive DisciplineXcel Energy’s Positive Discipline program is a system that emphasizes employees’ responsibility for their own behavior . It focuses on communicating an expectation of change and improvement in a positive way while maintaining concern for the seriousness of the situation . Each type of discipline is a reminder of expected performance, attendance or conduct . The type of discipline, if any, is based on the violation and determined after consultation with management, Human Resources and Legal Services .

12

Violating the Code of ConductAn employee who violates the law, Xcel Energy’s Code of Conduct or any other Xcel Energy policy will be subject to disciplinary action, up to and including termination of employment . Additional actions may include reassignment of work duties and limitation in future job opportunities . Violations of law may be referred to local law enforcement authorities for prosecution . In 2018, 31 individuals were terminated for violations of the Code of Conduct .

Key ActionsTo have an ethical culture we must be an organization of shared values and they must be ingrained in all aspects of our business . In 2018, Human Resources incorporated the corporate values into the XCelebrate recognition tool that helps employees recognize a co-worker’s positive effect or celebrate their accomplishments . When sending an eCard employees are able to select whether the recognized coworker exhibited our value of connected, committed, safe or trustworthy .

13

Due DiligenceXcel Energy has built its strong reputation in part by conducting its business in an honest and ethical manner . All employees play a crucial role in helping us protect that reputation .

Conflict of Interest Disclosure QuestionnaireIn 2018, we issued a Conflict of Interest Disclosure Questionnaire that was completed by all directors and above that asked about conflicts or potential conflicts of interest . The compliance and legal departments reviewed the disclosures and followed up as needed . This process supplemented the annual questionnaire that is in place for officers and members of the board of directors, and the ad hoc conflict of interest reporting process, which is available throughout the year . Additionally, we maintain a monitoring program for Conflict of Interest reports that are approved with restrictions, whereby employees verify annually that they are abiding by the restrictions .

Security Screening ProgramXcel Energy continued using its security screening program to ensure the dependability and trustworthiness of its employees and contract workers . The purpose of screening is to gain knowledge of an individual’s general character and reliability .

In 2018, we denied slightly over six percent of potential employees and contractors who were screened . Denials were for reasons that would have violated certain aspects of our Code of Conduct, such as: failed drug test, felonies, dishonesty, fraud and/or unfavorable terminations from other companies .

All Xcel Energy employees, contract workers and members of the board of directors must successfully complete a security screening . In addition, positions involving unescorted access to company or customer property, or access to any computer system supporting our business, also require successful completion of a security screening .

Post-Hire Background CheckTo ensure a strong culture of compliance and mitigate risk associated with senior leaders in key positions, we conduct ongoing post-hire background checks for such employees . Rescreening is planned every five years and occurs prior to employee promotions to key senior roles .

Security Vendor Risk AssessmentIn 2017, the Security Risk Management Team developed and implemented a new Security Vendor Risk Assessment (S-VRA) process . The process provides transparency into security-related risk(s) that could potentially be introduced to Xcel Energy as a direct result of utilizing a third-party vendor’s product, service, application, etc . All newly proposed vendor arrangements are subject to the S-VRA process before a contract is signed, and on a recurring cadence throughout the time the vendor services are provided .

Foreign Corrupt Practice Act (FCPA) Governance Committee The Foreign Corrupt Practices Act (FCPA) Governance Committee oversees the Company’s compliance program related to anti-bribery and anti-corruption . The committee provides oversight with respect to program implementation and effectiveness and reviews the company’s policies and practices; recommends actions to ensure compliance with laws, regulations, and policies; and discusses best practices, external trends and implications, if any, to the company’s business operations .

In 2018, the FCPA Committee held its annual meeting to hear a report on the program . While a few opportunities to improve the program were identified and implemented, overall, the program is strong and risk of violation is low .

Key AccomplishmentsAs conflicts of interest or perceived conflicts often occur at the decision making level, we expanded the Conflict of Interest Disclosure Questionnaire in 2018 to include all directors . In previous years the questionnaire was only sent to vice presidents and above .

Another key accomplishment is in the implementation of the Security Vendor Risk Assessment program that protects our Company from third-party risk by thoroughly evaluating the partners we do business with . From the start of the program in 2017 to Dec . 31, 2018 the Security Risk Management Team completed 344 assessments .

14

Risk AssessmentEnterprise Risk ManagementThe Enterprise Risk Management organization assisted with the annual compliance risk assessment activities and alignment of compliance risk assessment results with enterprise risk results .

Compliance Risk AssessmentXcel Energy’s Compliance Risk Assessment is conducted annually and identifies existing and emerging compliance risks across the enterprise . The assessment methodology includes consideration of maturity and impact . In 2018, we assessed a total of 24 programs, 8 for the first time . Results showed that Environmental, Customer Care, Nuclear and Sarbanes Oxley have the most mature programs, with Enterprise Resilience and Business Systems in earlier stages of maturity . These results are consistent with our expectations as the less-mature programs have only been recently formalized .

Key Actions In 2018, we made multiple improvements to Xcel Energy’s Compliance Risk Assessment, including,

• Improving consistency and comparability across compliance programs evaluated

• Scoring programs on the basis of maturity as compared to the Federal Sentencing Guidelines

• Identifying and addressing cross-cutting enterprise issues that could be strengthened to further support a strong culture of compliance

The improvements in our 2018 assessment set the stage for further work in maturing the enterprise-wide compliance program .

Summary2018 once again confirmed the importance of the CCBC Program in ensuring a strong culture of compliance and ethics to sustain the company’s brand and reputation . We took a number of actions to build on the program’s solid foundation, enhance our efforts and drive progress toward the strong corporate culture we want to achieve . We look forward to making further progress in 2019 .

15

Do What’s Right: Report What Seems Wrong

You have numerous reporting options:

EEO/Employee Relations/Workforce Relations

Your leader or another member of management

Legal Services

Xcel Energy’s Corporate Compliance and Business Conduct Office, 612 .215 .5354

Compliance Hotline at XcelEnergyComplianceHotline .com or 800 .555 .8516, available 24 hours a day and with the option to remain anonymous

Xcel Energy Inc . Board member

Additional reporting options for nuclear employees include:

Complete a Nuclear Corrective Action Request form

Report nuclear safety issues to the Employee Concerns Program, 866 .327 .4662

Nuclear Regulatory Commission, 800 .695 .7403

xcelenergy .com | © 2019 Xcel Energy Inc . | Xcel Energy is a registered trademark of Xcel Energy Inc . | 19-02-105